# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=gnupg
# Upgrade to LTS versions only.
pkgver=2.2.36
_ver=${pkgver/_beta/-beta}
pkgrel=0
pkgdesc="GNU Privacy Guard 2 - meta package for full GnuPG suite"
url="https://www.gnupg.org/"
arch="all"
license="GPL-3.0-or-later"
depends="gpg=$pkgver-r$pkgrel
	gpg-agent=$pkgver-r$pkgrel
	gpg-wks-server=$pkgver-r$pkgrel
	gpgsm=$pkgver-r$pkgrel
	gpgv=$pkgver-r$pkgrel
	$pkgname-dirmngr=$pkgver-r$pkgrel
	$pkgname-utils=$pkgver-r$pkgrel
	$pkgname-wks-client=$pkgver-r$pkgrel
	"
makedepends="
	autoconf
	automake
	bzip2-dev
	gettext-dev
	gnutls-dev
	libassuan-dev
	libgcrypt-dev
	libgpg-error-dev
	libksba-dev
	libtool
	libusb-dev
	npth-dev
	openldap-dev
	pinentry
	sqlite-dev
	texinfo
	zlib-dev
	"
install="$pkgname-scdaemon.pre-install"
subpackages="
	$pkgname-doc
	$pkgname-lang::noarch
	$pkgname-dirmngr
	$pkgname-gpgconf
	$pkgname-scdaemon
	$pkgname-wks-client:_wks_client
	gpg
	gpg-agent:_agent
	gpg-wks-server:_wks_server
	gpgsm
	gpgv
	$pkgname-utils
	"
source="https://gnupg.org/ftp/gcrypt/gnupg/gnupg-$_ver.tar.bz2
	0001-Include-sys-select.h-for-FD_SETSIZE.patch
	0010-avoid-beta-warning.patch
	0020-avoid-regenerating-defsincdate-use-shipped-file.patch
	0110-avoid-simple-memory-dumps-via-ptrace.patch
	0210-dirmngr-hkp-avoid-potential-race-condition-when-some-host-die.patch
	0220-dirmngr-avoid-need-for-hkp-housekeeping.patch
	0230-dirmngr-avoid-automatically-checking-upstream-swdb.patch
	0310-gpg-default-to-3072-bit-keys.patch
	0320-gpg-default-to-aes256.patch
	0330-gpg-default-to-sha512-for-all-signature-types-on-rsa-keys.patch
	0340-gpg-prefer-sha512-and-sha384-in-personal-digest.patch
	0410-make-gpg-zip-use-tar-from-path.patch
	0420-gpg-drop-import-clean-from-default-keyserver-import-options.patch
	fix-i18n.patch
	60-scdaemon.rules
	"

# secfixes:
#   2.2.35-r4:
#     - CVE-2022-34903
#   2.2.23-r0:
#     - CVE-2020-25125
#   2.2.18-r0:
#     - CVE-2019-14855
#   2.2.8-r0:
#     - CVE-2018-12020

prepare() {
	default_prepare

	autoreconf -vif
}

build() {
	./configure \
		--build=$CBUILD \
		--host=$CHOST \
		--prefix=/usr \
		--sysconfdir=/etc \
		--mandir=/usr/share/man \
		--infodir=/usr/share/info \
		--localstatedir=/var \
		--disable-nls \
		--enable-bzip2 \
		--enable-tofu \
		--enable-scdaemon \
		--enable-ccid-driver
	make
}

check() {
	make check
}

package() {
	make DESTDIR="$pkgdir" install

	install -m755 tools/gpg-zip "$pkgdir"/usr/bin/gpg-zip
	install -Dm644 -t "$pkgdir"/lib/udev/rules.d/ "$srcdir"/60-scdaemon.rules

	cd "$pkgdir"

	# install compat symlink
	ln -s gpg  usr/bin/gpg2
	ln -s gpgv usr/bin/gpgv2

	# Remove docs for systemd-user
	rm -rf usr/share/doc/gnupg/examples/systemd-user

	# Remove gpg scheme interpreter - an internal tool used in gpg tests
	rm -rf usr/bin/gpgscm
}

_agent() {
	pkgdesc="GNU Privacy Guard 2 - cryptographic agent"
	depends="$pkgname-gpgconf=$pkgver-r$pkgrel"
	replaces="$pkgname"  # for backward compatibility

	amove usr/bin/gpg-agent
	amove usr/libexec/gpg-check-pattern
	amove usr/libexec/gpg-preset-passphrase
	amove usr/libexec/gpg-protect-tool
	amove usr/share/gnupg/help.txt
}

dirmngr() {
	pkgdesc="GNU Privacy Guard 2 - network certificate management service"
	depends="$pkgname-gpgconf=$pkgver-r$pkgrel"
	provides="dirmngr=$pkgver-r$pkgrel"  # alternative package name
	replaces="$pkgname"  # for backward compatibility

	amove usr/bin/dirmngr*
	amove usr/libexec/dirmngr_ldap
	amove usr/share/gnupg/sks-keyservers.netCA.pem
}

gpg() {
	pkgdesc="GNU Privacy Guard 2 - public key operations only"
	depends="$pkgname-gpgconf=$pkgver-r$pkgrel"
	replaces="$pkgname"  # for backward compatibility
	provider_priority=100  # highest (other provider of cmd:gpg is gnupg1)

	amove usr/bin/gpg
	amove usr/bin/gpg2
}

gpgconf() {
	pkgdesc="GNU Privacy Guard 2 - core configuration utilities"
	depends="pinentry"
	replaces="$pkgname"  # for backward compatibility
	provides="gpgconf=$pkgver-r$pkgrel"  # alternative package name

	amove usr/bin/gpg-connect-agent
	amove usr/bin/gpgconf
	amove usr/share/gnupg/distsigkey.gpg
}

gpgsm() {
	pkgdesc="GNU Privacy Guard 2 - S/MIME version"
	depends="$pkgname-gpgconf=$pkgver-r$pkgrel"
	replaces="$pkgname"  # for backward compatibility

	amove usr/bin/gpgsm
}

gpgv() {
	pkgdesc="GNU Privacy Guard 2 - signature verification only"
	depends=""
	replaces="$pkgname"  # for backward compatibility
	provider_priority=100  # highest (other provider of cmd:gpgv is gnupg1)

	amove usr/bin/gpgv
	amove usr/bin/gpgv2
}

lang() {
	pkgdesc="Languages for package gnupg"
	depends=""
	install_if="$pkgname=$pkgver-r$pkgrel lang"
	replaces="$pkgname"  # for backward compatibility

	amove usr/share/gnupg/help.*.txt
}

scdaemon() {
	pkgdesc="GNU Privacy Guard 2 - smart card support"
	depends="gpg-agent=$pkgver-r$pkgrel"
	replaces="$pkgname"  # for backward compatibility

	amove usr/libexec/scdaemon
	amove lib/udev/rules.d
}

_wks_client() {
	pkgdesc="GNU Privacy Guard 2 - Web Key Service client"
	depends="gpg=$pkgver-r$pkgrel gpg-agent=$pkgver-r$pkgrel $pkgname-dirmngr=$pkgver-r$pkgrel"
	replaces="$pkgname"  # for backward compatibility

	amove usr/libexec/gpg-wks-client
}

_wks_server() {
	pkgdesc="GNU Privacy Guard 2 - Web Key Service server"
	depends="gpg=$pkgver-r$pkgrel gpg-agent=$pkgver-r$pkgrel"
	replaces="$pkgname"  # for backward compatibility

	amove usr/bin/gpg-wks-server
}

# Must be the last!
utils() {
	pkgdesc="GNU Privacy Guard 2 - utility programs"
	depends=""
	replaces="$pkgname"  # for backward compatibility
	provider_priority=100  # highest (other provider of cmd:gpg-zip cmd:gpgsplit is gnupg1)

	amove usr/*
}

sha512sums="
2d14000a0e8b36688d5e89372a1ef5f8a526b2724715377323d1f9abd23122aa9d0ab2c0988063c397f969afefbf205aedb7205915fd751c539336e680d8462a  gnupg-2.2.36.tar.bz2
c6cc4595081c5b025913fa3ebecf0dff87a84f3c669e3fef106e4fa040f1d4314ee52dd4c0e0002b213034fb0810221cfdd0033eae5349b6e3978f05d08bcac7  0001-Include-sys-select.h-for-FD_SETSIZE.patch
0e2aef4ae5c43c43efe2c914534d73f8f7068b49b5826b1f999296c30395497c4af121e4e99152ff7b43dcf56d1792cd46aea5158ca48597d6e0fca6d7358711  0010-avoid-beta-warning.patch
18004e52925b1f03e67a29a3d43b39e8119cf3426cdad4136824b932ad906ac499b4ceb3d7573177a9f16410d3b80c8f0e4bcdc54dd284f3f803a2cef609ad01  0020-avoid-regenerating-defsincdate-use-shipped-file.patch
7c9f38ce480c5f6d06330c9b1fcfe9b32cac2b0b28695beec4e94e48508cf45a4f56ce406abfee795de11ed973598e8544440c3dfc0670cdeb37e27ca1e6caf0  0110-avoid-simple-memory-dumps-via-ptrace.patch
6bc5ac393a72432ef09a31f524db973677fd730166457b881b88e6fad7536ac4fe8cceeed324b578125b9fd4d871645ae9c43c01b3563e00a146e8f835336ac3  0210-dirmngr-hkp-avoid-potential-race-condition-when-some-host-die.patch
f4778aa2ec8a971ee700114b43b0446425b86459e4b21fd9b534f51de46a7ac9cfd21d79470b422a385e2a0244c54a5fb482ab76b4861f101745f77646f6f483  0220-dirmngr-avoid-need-for-hkp-housekeeping.patch
1c38b039950fa9733e9584ac61d52e12aad56489d7f3aec396b2528d0bf41729971d3fe9b4d04d50595a2a954181892ed1ec93f1b7ade24e4da26744d78598fc  0230-dirmngr-avoid-automatically-checking-upstream-swdb.patch
c4488de65913167a77fbc1c8d3a8867d15171c6021490e443ca0faddcb2109fff23f7f49c9a8922d1acd1e435530fc8a4bafb71f441d3cdf38618d3a113cf7e8  0310-gpg-default-to-3072-bit-keys.patch
00dac445ba9f1c4c7e6078a8068e62e13e05c5b22e1d84b915f6f353eba55c4b172c6ea735f3bb551af0d6073652d3b6f0cafdfb1d6afb309626a7642775416f  0320-gpg-default-to-aes256.patch
9e6c109f6617b4abb7a9d8abd4c8d128247dd21915bf7a75bb6a9f5b6da2a9d4dcee27147db3f88de79e4cb2621222ae62d95c0ce115658ef39bcd01587b5f82  0330-gpg-default-to-sha512-for-all-signature-types-on-rsa-keys.patch
462af7b1e530e00d3870062666ef427d6df57ee8358b043c06fb8b7b54e50891fc8a49beeaabe45d1822d222ffc47da624798ceb8889a02e38ce85612453bb8b  0340-gpg-prefer-sha512-and-sha384-in-personal-digest.patch
0e4d5d29de5279bda4e8b69334c664068404e697ad9e62868389ef1d97bc1a18d80e834d2d2e8147e0f537a81e6f3b360f18e1a958304a2cc2659c29e68c517a  0410-make-gpg-zip-use-tar-from-path.patch
ac2199f2b49af1c0211ff6f7e441f0f7779d6101c2136f2d7cab0001d260598e4f2f07111aa478dd210a05385daa1f6aec77d9b0de3e379371433b0c82035855  0420-gpg-drop-import-clean-from-default-keyserver-import-options.patch
28cba87121c66b1bbc90bb0f3ca8c69ff19376243854577a4d24afa4a3d4a4b8a952a3a7bbecc200058b6f722cfcd4fc72d5630c822f78ef3fc819f972798e34  fix-i18n.patch
4bfb9742279c2d1c872d63cd4bcb01f6a2a13d94618eff954d3a37451fa870a9bb29687330854ee47e8876d6e60dc81cb2569c3931beaefacda33db23c464402  60-scdaemon.rules
"
